For Programmers: Free Programming Magazines  


Home > Archive > Java Security > April 2004 > Root Certificate Installer









You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

 

Author Root Certificate Installer
Roedy Green

2004-04-30, 5:58 am

I have written up a proposal for a tool to automatically update root
certificates.

See http://mindprod.com/projrootcertinstaller.html

It would be nice if we could get all the code signing authorities to
use it.


--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Michel Gallant

2004-04-30, 5:59 am

Here is a cert-import utility I wrote a few years ago (just updated signature to JPI v 1.4+):
http://www.jensign.com/JavaScience/www/importcertutil

The certificate is self-signed (JavaScience1). The SHA1 hash of the signing cert is:
2348 2020 230F CE40 F47E C415 EF61 F08B 7AB6 FE07

It was originally designed for just the purpose you mentioned below.

- Mitch Gallant
www.jensign.com


"Roedy Green" <see@mindprod.com.invalid> wrote in message
news:1s3390pmqbigfhlvfs3qp3alvcnnm8c4em@
4ax.com...
> I have written up a proposal for a tool to automatically update root
> certificates.
>
> See http://mindprod.com/projrootcertinstaller.html
>
> It would be nice if we could get all the code signing authorities to
> use it.
>
>
> --
> Canadian Mind Products, Roedy Green.
> Coaching, problem solving, economical contract programming.
> See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.


Roedy Green

2004-04-30, 5:59 am

On Thu, 29 Apr 2004 21:17:42 -0400, "Michel Gallant"
<neutron@NOSPAMistar.ca> wrote or quoted :

>Here is a cert-import utility I wrote a few years ago (just updated signature to JPI v 1.4+):
> http://www.jensign.com/JavaScience/www/importcertutil

I tried it out with Java 1.4.2_04


Audio cache: enabled
ClassLoader cache size: 10
Accept: false
java.security.AccessControlException: access denied
(java.util.PropertyPermission user.home read)
at java.security.AccessControlContext.checkPermission(Unknown
Source)
at java.security.AccessController.checkPermission(Unknown
Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown
Source)
at java.lang.System.getProperty(Unknown Source)
at ImportCert.getDefaultStoresInfo(ImportCert.java:124)
at ImportCert.init(ImportCert.java:102)
at com.opera.PluginPanel.run(PluginPanel.java:441)
at java.lang.Thread.run(Unknown Source)
--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Roedy Green

2004-04-30, 5:59 am

On Fri, 30 Apr 2004 01:58:22 GMT, Roedy Green
<see@mindprod.com.invalid> wrote or quoted :

>java.security.AccessControlException: access denied
>(java.util.PropertyPermission user.home read)

I don't know why it is doing that. Perhaps we need an applet that just
figures out which permissions ARE enabled, and possibly displays the
corresponding policy files.


--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Roedy Green

2004-04-30, 5:59 am

On Fri, 30 Apr 2004 01:58:22 GMT, Roedy Green
<see@mindprod.com.invalid> wrote or quoted :

>Audio cache: enabled
>ClassLoader cache size: 10
>Accept: false
>java.security.AccessControlException: access denied
>(java.util.PropertyPermission user.home read)

that is with Opera. believe it has its own policy file. It worked
with Mozilla.

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Roedy Green

2004-04-30, 5:59 am

On Fri, 30 Apr 2004 01:58:22 GMT, Roedy Green
<see@mindprod.com.invalid> wrote or quoted :

>
>I tried it out with Java 1.4.2_04
>
>
>Audio cache: enabled
>ClassLoader cache size: 10
>Accept: false
>java.security.AccessControlException: access denied
>(java.util.PropertyPermission user.home read)

Here is Opera's policy file. It is so close to Sun's I can't see why
it would deny you the right to look at user.home.



// Standard extensions get all permissions by default

grant codeBase "file:${java.home}/lib/ext/*" {
permission java.security.AllPermission;
};

// Opera package classes get all permissions

grant {
permission java.lang.RuntimePermission
"accessClassInPackage.sun.*";
};

// default permissions granted to all domains

grant {
// Allows any thread to stop itself using the
java.lang.Thread.stop()
// method that takes no argument.
// Note that this permission is granted by default only to
remain
// backwards compatible.
// It is strongly recommended that you either remove this
permission
// from this policy file or further restrict it to code
sources
// that you specify, because Thread.stop() is potentially
unsafe.
// See "http://java.sun.com/notes" for more information.
permission java.lang.RuntimePermission "stopThread";

// allows anyone to listen on un-privileged ports
permission java.net.SocketPermission "localhost:1024-",
"listen";

// "standard" properies that can be read by anyone

permission java.util.PropertyPermission "java.version",
"read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url",
"read";
permission java.util.PropertyPermission "java.class.version",
"read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator",
"read";
permission java.util.PropertyPermission "path.separator",
"read";
permission java.util.PropertyPermission "line.separator",
"read";

permission java.util.PropertyPermission
"java.specification.version", "read";
permission java.util.PropertyPermission
"java.specification.vendor", "read";
permission java.util.PropertyPermission
"java.specification.name", "read";

permission java.util.PropertyPermission
"java.vm.specification.version", "read";
permission java.util.PropertyPermission
"java.vm.specification.vendor", "read";
permission java.util.PropertyPermission
"java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version",
"read";
permission java.util.PropertyPermission "java.vm.vendor",
"read";
permission java.util.PropertyPermission "java.vm.name",
"read";
};
grant codeBase "file:/E:/Program Files/Opera75/classes/Opera.jar" {
permission java.security.AllPermission; };

--
Canadian Mind Products, Roedy Green.
Coaching, problem solving, economical contract programming.
See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
Sponsored Links







Also available: Server administration forum archive | Web Design forum archive | Software forum archive | Hardware reviews archive

Copyright 2008 codecomments.com